Get started
Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

CssImport when using Component Exporter by Mikhail Shabarov, 1 month ago
Recent Posts
Vaadin Forum1. Vaadin Flow - Java

Issue In Vaadin while using in Embeded

Imran Momin
2 years ago Mar 02, 2020 2:35pm

I have created my application in Vaadin 14 and I display that application in my website inside IFrame and It shows an error like Cookies are disabled.

This issue happens in Chrome as chrome introduce a new cookie flag SameSite for security reason.

Please follow the below step to reproduce the issue.

  1. Download Chrome Canary , then install and launch it.

  2. In Canary, navigate to chrome://settings/help and verify that you see Google Chrome is up to date, if not then update Canary.

  3. Navigate to chrome://flags/#samesite and enable these three SameSite flags:

SameSite by default cookies

Enable removing SameSite=None cookies

Cookies without SameSite must be secure

Last updated on Mar, 2nd 2020
Tatu Lund
2 years ago Mar 03, 2020 9:15am

So it is probably related to this

https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html

Could you open a ticket at https://github.com/vaadin/flow/issues and include simple test app

Imran Momin
2 years ago Mar 03, 2020 10:09am

Tatu, I really appreciate for your response. I posted the issue in github please check below link. https://github.com/vaadin/flow/issues/7736

Imran Momin
2 years ago Mar 03, 2020 10:10am

Is there any workaround for this issue ?

Imran Momin
2 years ago Mar 04, 2020 2:19pm

Tatu Lund: So it is probably related to this

https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html

Could you open a ticket at https://github.com/vaadin/flow/issues and include simple test app

Can you please tell me when the Vaadin creates the session cookies ?

Tatu Lund
2 years ago Mar 05, 2020 12:17pm

JSESSION cookie is not created by Vaadin, but the container where the Vaadin app is being run. So you need check how it is configured in your setup depending on are you using Tomcat etc.

Imran Momin
2 years ago Mar 17, 2020 7:24am

I solved that problem by making few changes on server configuration.

If you are using tomcat server than please add following lines to conf/context.xml file.

<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" sameSiteCookies="None" />

If you are using spring boot embeded tomcat than you need to create configuration class like below

import org.apache.tomcat.util.http.LegacyCookieProcessor;
import org.apache.tomcat.util.http.SameSiteCookies;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class LegacyCookieProcessorConfiguration {

	// tag::customizer[]
	@Bean
	public WebServerFactoryCustomizer<TomcatServletWebServerFactory> cookieProcessorCustomizer() {
		return (factory) -> factory.addContextCustomizers((context) -> {
			LegacyCookieProcessor legacyCookieProcessor = new LegacyCookieProcessor();
			legacyCookieProcessor.setSameSiteCookies(SameSiteCookies.NONE.getValue());
			context.setCookieProcessor(legacyCookieProcessor);
		});
	}
	// end::customizer[]

}
Last updated on Mar, 17th 2020
Nate Zheng
1 year ago Oct 15, 2020 4:15am

Imran Momin: I solved that problem by making few changes on server configuration.

If you are using tomcat server than please add following lines to conf/context.xml file.

<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" sameSiteCookies="None" />

If you are using spring boot embeded tomcat than you need to create configuration class like below

import org.apache.tomcat.util.http.LegacyCookieProcessor;
import org.apache.tomcat.util.http.SameSiteCookies;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class LegacyCookieProcessorConfiguration {

	// tag::customizer[]
	@Bean
	public WebServerFactoryCustomizer<TomcatServletWebServerFactory> cookieProcessorCustomizer() {
		return (factory) -> factory.addContextCustomizers((context) -> {
			LegacyCookieProcessor legacyCookieProcessor = new LegacyCookieProcessor();
			legacyCookieProcessor.setSameSiteCookies(SameSiteCookies.NONE.getValue());
			context.setCookieProcessor(legacyCookieProcessor);
		});
	}
	// end::customizer[]

}

I only use HttpServletResponse response.addCookie(tokenCookie); It works

John Moe
1 year ago Jan 08, 2021 2:10pm

Imran Momin:

@Configuration
public class LegacyCookieProcessorConfiguration {

	@Bean
	public WebServerFactoryCustomizer<TomcatServletWebServerFactory> cookieProcessorCustomizer() {
		return (factory) -> factory.addContextCustomizers((context) -> {
			LegacyCookieProcessor legacyCookieProcessor = new LegacyCookieProcessor();
			legacyCookieProcessor.setSameSiteCookies(SameSiteCookies.NONE.getValue());
			context.setCookieProcessor(legacyCookieProcessor);
		});
	}
}

Okay so this almost worked out of the box for me.

I have two profiles where one configures http and the other https. I could only run Irmans code while configuring https. If if run the code with http the login page reloads continiously in enormous speed.

So by limiting the above code with "@Profile("prod") // https" it works.

Last updated on Jan, 8th 2021